βΌ CVE-2023-34142 βΌ
π Read
via "National Vulnerability Database".
Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3709 βΌ
π Read
via "National Vulnerability Database".
The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38431 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38428 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43072 βΌ
π Read
via "National Vulnerability Database".
A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4146 βΌ
π Read
via "National Vulnerability Database".
Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3714 βΌ
π Read
via "National Vulnerability Database".
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, including the 'associate_role' parameter, which defines the member's role. This issue was partially patched in version 5.5.2 preventing privilege escalation, however, it was fully patched in 5.5.3.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38430 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3713 βΌ
π Read
via "National Vulnerability Database".
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. This can be used by attackers to achieve privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-34143 βΌ
π Read
via "National Vulnerability Database".
Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3403 βΌ
π Read
via "National Vulnerability Database".
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import new users and update existing users.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38426 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38427 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38432 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38434 βΌ
π Read
via "National Vulnerability Database".
xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3708 βΌ
π Read
via "National Vulnerability Database".
Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.π Read
via "National Vulnerability Database".
βΌ CVE-2023-38429 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.π Read
via "National Vulnerability Database".
βΌ CVE-2023-3459 βΌ
π Read
via "National Vulnerability Database".
The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with shop manager-level permissions to change user passwords and potentially take over administrator accounts.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36695 βΌ
π Read
via "National Vulnerability Database".
Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.π Read
via "National Vulnerability Database".
βΌ CVE-2023-31998 βΌ
π Read
via "National Vulnerability Database".
A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices.π Read
via "National Vulnerability Database".
π’ Warning issued over βincompleteβ fix for Adobe ColdFusion vulnerability π’
π Read
via "ITPro".
An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned π Read
via "ITPro".
ITPro
Warning issued over βincompleteβ fix for Adobe ColdFusion vulnerability
An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned